DLL Injection Vulnerability in Symantec Endpoint Protection Products
CVE-2020-5821

7.8HIGH

Key Information:

Vendor: Symantec
Status: Symantec Endpoint Protection (sep) And Symantec Endpoint Protection Small Business Edition (sep Sbe)
Vendor: CVE Published:; 11 February 2020

Summary

Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition are vulnerable to a DLL injection attack, which allows an attacker to execute unauthorized code within the context of the application. This can compromise system integrity by replacing legitimate processes with malicious code, leading to potential data breaches and unauthorized access to sensitive information. Users are advised to update their software to the latest versions to mitigate this risk.

Affected Version(s)

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively

References

https://support.symantec.com/us/en/article.SYMSA1505.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
Jan 6, 2020